Security Scorecard

How to Build a Cyber Threat Intelligence Plan

Posted on July 11th, 2019

There seems to be a new mention of another cyberattack in the news almost daily. So it’s increasingly important to remain vigilant and not to let your company fall victim to a cyberattack. One way to ensure you stay safe is to build a cyber threat intelligence plan so that you can stay on top of incidents and know what to do if a threat occurs.

Threat intelligence is a growing field. According to the SANS Institute, threat intelligence is identified as “the set of data collected, assessed, and applied regarding security threats, threat actors, exploits, malware, vulnerabilities, and compromise indicators.”

It’s more than one person can manage alone. A threat intelligence program provides a consistent way to manage emerging or potential threats and all the data associated with them to keep your information safe now and in the future.

If you are unsure where to start in setting up a cyber threat intelligence plan, check out the following steps:

Identify the threat landscape

A cyber threat intelligence plan includes a lot of variables, depending on the type of business you have, the size of the business, and the past and potential threats. Some companies and industries may seem more vulnerable than others, but any organization that stores any type of data or information can be the target of an attack.

Identifying the threat landscape is all about information.

  • What do threats look like?
  • Do you have a plan in place for detecting them?

When thinking about the landscape, it’s essential to teach your team to understand and be ready to fully explain a threat if it happens (or almost happens). This includes explaining where the threat started, what type of attack was used, which systems were impacted, and what information was compromised and how much of it is public data.

Fully understanding the landscape gives you the tools to better respond if a threat occurs.

Document threat intelligence sources

When it comes to cyber threats, there can be a massive amount of data to manage. Your program will be most effective if it is streamlined to include pertinent information together with a constant filtering of new information. Cyber threats and issues are changing constantly, requiring consistent monitoring.

The most useful information will usually come from sources of authority in the field. But not every article you read online should go in your threat program documentation. Stick to information that’s from a trusted source and that provides quality tips and solid reporting.

Document intelligence sources that provide actionable things that you can do in your organization. Threat bulletins are valuable because they include a threat as well as the steps that you can take before a breach happens to cut it off before it becomes an issue.

Collect sources of information that are applicable to your business field and infrastructure. Tips for a mom and pop business won’t help a major corporate enterprise (and vice versa). Collect information related to your field and business size.

Manage sources

As you are collecting information for a cyber threat intelligence plan, the amount of information can get overwhelming. You, therefore, need to manage and file information in a usable manner and cull outdated or repetitive sources.

There are two types of information to consider:

  1. Long-term knowledge base of articles, tips, and actionable items
  2. Data or information that requires immediate action

As you are collecting sources of information about cybersecurity, it is important to understand the differences and immediacy of the data types so that you can proceed accordingly. That’s why it is important to assign someone to manage information sources.

Further, someone should be prepared to manage your company’s threat documentation so that it remains a valuable resource over time.

Assign roles and tasks

Everyone in your company is part of your cyber threat team whether they know it or not. Provide training, and assign roles and tasks for team members to help identify and manage threats.

Key roles include assigning a point person for managing cybersecurity, collecting data and information, monitoring systems, assessing potential threats, and distributing information to the team.

Establish the right program for your business size

Cyber threat management can be a big job, and while there is a lot to consider, it will only work if the program is tailored to the size of your company. Otherwise, creating a cyber threat program can overwhelm employees and overtake your primary business.

Having a third-party resource available can take the strain off teams of all sizes. SecurityScorecard has cybersecurity solutions to help you build a more secure ecosystem and they have experience in a variety of industries.

Evaluate periodically

A cybersecurity program is only as good as the information contained within. It needs to be evaluated periodically to ensure the information and processes in place are still appropriate for your business.

Particularly, if you experience strong growth or changes in products or your business model, it’s time to take a fresh look at how you are managing your cybersecurity.

Don't go it alone

Cybersecurity is a growing field. If the abundance of information feels overwhelming, there are teams out there that can help.

Look for a partner that understands the risks, the needs of different industries and organizations, and that can deliver measurable results so that you get the most from your cyber threat intelligence plan.
